38074c805aa2489d89d006d4f7409dd8b4e02c08d98328cc9bc2702efc908a36 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38074c805aa2489d89d006d4f7409dd8b4e02c08d98328cc9bc2702efc908a36
Size

1.3MB
MD5

13f6844a3f4a832d06abb6f855d23bdd
SHA1

54b7550be8033a000c1fa596fd44b968596fb367
SHA256

38074c805aa2489d89d006d4f7409dd8b4e02c08d98328cc9bc2702efc908a36
SHA512

141667226994401f39b860275914647ba2bc7eff54b121ac2998a1a12b9cf33d1ccb277147b5f6293909c8ddf2d30b200b6bd5725f43321dadafa5b6e2e98c7b
SSDEEP

24576:NSLtl5kBsla+zlJFyRMaf5wXUMLM/ZwD7NkX+8TkAXmPBQ8BuMFwdFropI5fVv4k:Nw5kBqlCeXUEM/O/NCYA2PJBuMFwEpIT

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38074c805aa2489d89d006d4f7409dd8b4e02c08d98328cc9bc2702efc908a36

Files

38074c805aa2489d89d006d4f7409dd8b4e02c08d98328cc9bc2702efc908a36
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvxzt
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vzkj
Size: 512B - Virtual size: 4KB

.lygia
Size: 512B - Virtual size: 4KB

.o
Size: 512B - Virtual size: 4KB